CN114666125A - Resource management method and device and server - Google Patents

Resource management method and device and server Download PDF

Info

Publication number
CN114666125A
CN114666125A CN202210283909.7A CN202210283909A CN114666125A CN 114666125 A CN114666125 A CN 114666125A CN 202210283909 A CN202210283909 A CN 202210283909A CN 114666125 A CN114666125 A CN 114666125A
Authority
CN
China
Prior art keywords
application
api
resource
resource management
platform
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210283909.7A
Other languages
Chinese (zh)
Other versions
CN114666125B (en
Inventor
钱汉栋
黄永
徐攀登
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Cloud Computing Ltd
Original Assignee
Alibaba Cloud Computing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Cloud Computing Ltd filed Critical Alibaba Cloud Computing Ltd
Priority to CN202210283909.7A priority Critical patent/CN114666125B/en
Publication of CN114666125A publication Critical patent/CN114666125A/en
Application granted granted Critical
Publication of CN114666125B publication Critical patent/CN114666125B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application provides a resource management method, a resource management device and a resource management server. According to the application, richer data services can be provided for the user through the third-party application, so that the diversified requirements of the user are met, and the problem of insufficient coverage of the service range of the application platform is solved; in addition, the application platform configures the second API for the third-party application, so that the resource access range of the third-party application can be limited, the third-party application is prevented from abusing the authority, and the data security of the user is guaranteed.

Description

Resource management method and device and server
Technical Field
The present application relates to the technical field of resource management, and in particular, to a resource management method, an apparatus, and a server.
Background
The resource management platform is a full-flow platform for establishing data intellectualization, can provide functions of data cloud application, data management, data analysis, data decision, result display and the like, helps customers to realize data resource management, potential rule mining and decision optimization, and is widely applied at present.
In the related art, in order to provide richer data services for users and meet user requirements, third-party applications are usually introduced outside self-research applications on a resource management platform, and when the users use the third-party applications, the users are required to authorize data resources required by the third-party applications to the third-party applications, and after authorization, the problem of misuse of permissions of the third-party applications easily occurs, so that user data security is seriously affected.
Disclosure of Invention
Various aspects of the present application provide a resource management method, a resource management device, and a server, so as to solve the technical problem that in an existing data resource service scenario, after a third party is applied to a resource management platform, the security of user data is difficult to guarantee.
In a first aspect, an embodiment of the present application provides a resource management method, which is applied to a first server, where an application platform based on a resource management platform is deployed in the first server, the resource management platform includes a first working space corresponding to the application platform, the first working space corresponds to at least one first API, and the application platform is configured to access an application data resource in the resource management platform based on the first API;
the resource management method comprises the following steps: in response to receiving a parking application sent by a client, acquiring identification information of a second API according to the parking application, wherein the second API is at least part of APIs in the first API, and the parking application is used for applying for parking a third party application on an application platform; and creating a second working space of the third-party application on the resource management platform according to the identification information of the second API, and configuring the second API for the second working space so as to realize the entrance of the third-party application.
In a second aspect, an embodiment of the present application further provides a resource management method, which is applied to a second server, where a third-party application of an application platform is deployed in the second server, the third-party application resides in an application platform based on a resource management platform, the resource management platform includes a second working space corresponding to the third-party application, the second working space corresponds to at least one target API, the application platform is configured to access a data resource in the resource management platform based on the target API, and the data resource includes a user data resource;
the resource management method comprises the following steps: receiving a resource access request sent by a client, wherein the resource access request carries identification information of an accessed target resource; determining a target resource corresponding to the identification information in the user data resource of the resource management platform; acquiring a target resource in the user data resource from the resource management platform based on an identity certificate corresponding to the target API, wherein the identity certificate corresponding to the target API is authorized to be applied by a third party by a user corresponding to the user data resource; and sending the target resource to the client.
In a third aspect, an embodiment of the present application further provides a resource management apparatus, which is applied to a first server, where an application platform based on a resource management platform is deployed in the first server, the resource management platform includes a first working space corresponding to the application platform, the first working space corresponds to at least one first API, and the application platform is configured to access an application data resource in the resource management platform based on the first API;
the resource management device includes: the first processing module is used for responding to a received parking application sent by a client and acquiring identification information of a second API according to the parking application, wherein the second API is at least part of APIs in the first API, and the parking application is used for applying for parking a third-party application on an application platform; and the second processing module is used for creating a second working space of the third-party application on the resource management platform according to the identification information of the second API, and configuring the second API for the second working space so as to realize the immigration of the third-party application.
In a fourth aspect, an embodiment of the present application further provides a resource management apparatus, which is applied to a second server, where a third-party application of an application platform is deployed in the second server, the third-party application resides in an application platform based on a resource management platform, the resource management platform includes a second working space corresponding to the third-party application, the second working space corresponds to at least one target API, the application platform is configured to access a data resource in the resource management platform based on the target API, and the data resource includes a user data resource;
the resource management device includes: the sending module is used for sending a parking application to the first server; the resident application is used for indicating identification information of a second API, the second API is at least part of the first API, and the first server is used for creating a second working space of the third-party application on the resource management platform according to the resident application and configuring the second API for the second working space.
In a fifth aspect, embodiments of the present application further provide a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the resource management method as provided in the first aspect and/or the second aspect is implemented.
In a sixth aspect, an embodiment of the present application further provides a server, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the server to perform the resource management method of any one of the first and/or second aspects.
In the embodiment of the application, a resource management method, a resource management device and a server are provided, wherein a first server responds to a received parking application sent by a client, acquires identification information of a second API according to the parking application, creates a second working space of a third-party application on a resource management platform according to the identification information of the second API, and configures the second API for the third application to finish the parking of the third-party application. In the embodiment of the application, the third-party application is embedded into the application platform, richer data services can be provided for the user through the third-party application, so that the user requirements are met, meanwhile, the second API is configured for the third-party application through the application platform, the resource access range of the third-party application is limited, the abuse permission of the third-party application can be prevented, the data security of the user is further guaranteed, and compared with a mode of issuing tokens through an OAuth protocol, the authorization mode does not need to transmit token data, and the security is higher.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic view of a scenario of a resource management method according to an exemplary embodiment of the present application;
FIG. 2 is a first flowchart illustrating a resource management method according to an exemplary embodiment of the present disclosure;
FIG. 3 is a first schematic diagram illustrating a resource management method according to an exemplary embodiment of the present disclosure;
fig. 4 is a flowchart illustrating a resource management method according to an exemplary embodiment of the present application;
fig. 5 is a third flowchart illustrating a resource management method according to an exemplary embodiment of the present application;
FIG. 6 is a schematic diagram illustrating a resource management method according to an exemplary embodiment of the present application;
FIG. 7 is a schematic diagram illustrating a resource management method according to an exemplary embodiment of the present application;
fig. 8 is a first schematic structural diagram of a resource management apparatus according to an exemplary embodiment of the present application;
fig. 9 is a schematic structural diagram of a resource management apparatus according to an exemplary embodiment of the present application;
fig. 10 is a schematic structural diagram of a server according to an exemplary embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
First, the meanings of some words appearing in the examples of the present application are explained in relation to:
and (3) DataQ: the data resource platform is a full-flow platform for realizing data asset definition, processing, management and service, can provide functions of data synchronization, data exploration, data standard, data modeling, data processing, quality assessment, label construction, asset management, data service, portrait analysis, model construction and the like, and provides full, standard, clean and intelligent continuous and stable data resource supply for intelligent data application.
A third party application: is related software developed by other organizations or individuals than the software editor for the functional deficiency of certain software or applications.
Open Authorization, OAuth, provides a secure, Open, yet easy standard for Authorization of user data resources.
In the related art, in order to provide richer data services for users and meet user requirements, third-party applications are generally introduced in addition to self-research applications on a resource management platform, and when the users use the third-party applications, the users are required to authorize data resources required by the third-party applications to the third-party applications, and accordingly, the third-party applications also need to be resident in the application platform to use the data resources on the resource management platform.
At present, the OAuth protocol is usually adopted to realize authorization, however, the main core of the authorization mode is to issue a token to the third-party application, so that the third-party application obtains corresponding resources through the token, which requires that the third-party application needs to log in by using a login system of a data opener. In such a way, the token is easy to leak, and the risk of misusing the authority is easy to occur after the third-party application logs in, so that the security of the user data resource is difficult to guarantee.
In view of this, embodiments of the present application provide a resource management method, an apparatus, and a server, where a first server responds to a parking application sent by a client, creates a second working space of a third-party application on a resource management platform, configures a second API for the third-party application, and after the third-party application is authorized, the third-party application can access a corresponding resource in the resource management platform through the authorized second API. According to the application, richer data services can be provided for the user through the third-party application, so that the diversified requirements of the user are met, and the problem of insufficient coverage of the service range of the application platform is solved; in addition, the application platform configures the second API for the third-party application, so that the resource access range of the third-party application can be limited, the third-party application is prevented from abusing the authority, the data security of the user is guaranteed, and compared with a mode of issuing a token through an OAuth protocol, the mode does not need to transmit token data and is higher in security.
Fig. 1 is a scene schematic diagram of a resource management method according to an exemplary embodiment of the present application. As shown in fig. 1, the scenario includes: the system comprises a client, a first server, a second server and a third server, wherein an application platform based on data resource service is deployed in the first server; a third party platform corresponding to the application platform is deployed in the second server; and a resource management platform is deployed in the third server, and the resource management platform is used for providing data resource services for the application platform.
The client may be a Personal Digital Assistant (PDA) device, a handheld device with a wireless communication function (e.g., a smart phone or a tablet), a computing device (e.g., a Personal Computer (PC)), an in-vehicle device, a wearable device (e.g., a smart watch or a smart band), a smart home device (e.g., a smart display device), and the like, which are not limited in this embodiment.
The application platform is developed based on a resource management platform, and the resource management platform is used for providing data management service for the application platform. It should be understood that the application platform may be multiple types of platforms, each type of platform is used for providing different types of services in different fields, and the specific type of platform is not specifically limited in this application embodiment. Illustratively, in the field of smart transportation, the system can be a transportation cloud control platform, and is used for providing functions such as maps, data, intelligent algorithms, cloud-edge collaboration, device control, visual rendering and the like for constructing a smart transportation system, so that developers can use the functions to intelligently modify application scenes such as urban transportation, high-speed operation, large-scale hub scheduling and the like, and serve traffic managers and traffic travelers with innovative and intelligent application and optimization schemes.
In the embodiment of the present application, the type of the resource management platform is not specifically limited, and in an optional implementation, the resource management platform is, for example: a series of platforms capable of providing resource management services, such as a data resource platform (DataQ), it should be understood that other resource management platforms capable of implementing corresponding functions should be within the scope covered by the embodiments of the present application.
In some embodiments, the first server may be used to implement one or more functions of the application platform; the second server may be for implementing one or more functions of a third party application; the third server may be used to implement one or more functions of the resource management platform.
In some embodiments, the first server, the second server, and the third server may be a single server, a server cluster, a distributed server, a centralized server, or a cloud server, for example, a public cloud server, a hybrid cloud, or a private cloud server, and the like.
In the embodiment of the application, the application data resources of the application platform and the application working space corresponding to the application platform are configured in the resource management platform, the application working space is used for isolating resources such as cloud computing and scenes on the resource management platform, and the application platform can call the data resources on the resource management platform in the application working space.
In an embodiment of the application, the different workspaces correspond to different APIs, and the application platform may access different data resources through the APIs.
It should be noted that, depending on different types of resource management platforms, the types of data resources that can be provided are also different, and still taking the DataQ platform as an example, the data resources may include the following: a Relational Database Service (RDS), an Object Storage Service (OSS), a cloud native data repository (AnalyticDB), a Remote Dictionary Service (Redis), and so on, which are not shown herein.
In some optional embodiments, the scenario further includes: the user (not shown in fig. 1). In practical applications, a user (for example, a developer of a third-party application) may send a registration application of the third-party application to a first server based on a client, so as to apply for registering the third-party application to the first server (i.e., an application platform), so that after obtaining resource authorization, the third-party application may provide corresponding services for its user through these resources; accordingly, the user of the third-party application can also access the related resources on the resource management platform through the third-party application.
It should be noted that the above description of the resource management system is for illustration and description only, and does not limit the application scope of the embodiments of the present application, and it will be apparent to those skilled in the art that various modifications and changes can be made in the resource management system under the guidance of one or more embodiments of the present application. Of course, such modifications and variations are within the scope of the present description.
In the following, the technical solution of the present application is described in detail by specific embodiments in conjunction with the application scenario shown in fig. 1. It should be noted that the following specific embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments.
In addition, each platform mentioned in the embodiments of the present application includes, but is not limited to, one or a combination of several of a web page, a browser plug-in, a client, a customization system, and an enterprise internal application system; accordingly, the interaction between the platforms includes, but is not limited to, data interaction through web pages, browser plug-ins, clients, customization systems, enterprise internal application systems, and the like.
Referring to fig. 2, fig. 2 is a first flowchart illustrating a resource management method according to an exemplary embodiment of the present application. As shown in fig. 2, the resource management method includes:
s201, the client sends a parking application to the first server.
The presence application is used for applying for the presence of the third-party application on the application platform, and the embodiment of the present application is not limited to a user triggering the presence application, for example, the user is a developer or a holder of the third-party application. In the following embodiments, the user is taken as an example of a developer of a third-party application.
Referring to fig. 3, fig. 3 is a schematic diagram illustrating a first principle of a resource management method according to an exemplary embodiment of the present application. As shown in fig. 3, a developer may enter a service interface of an application platform through a client, so as to trigger an enrollment operation of the application platform through the service interface; accordingly, the client sends a docking application to the first server.
S202, the first server responds to the received parking application and obtains the identification information of the second API according to the parking application.
In some alternative embodiments, the identification information of the second API may be carried in the resident application. Specifically, when a developer triggers an operation of the resident resource management platform, the developer can select a required data resource service on the service interface.
Since different data resource services correspond to different data resources and different data resources require different APIs for access. In this embodiment of the present application, at least one service item may be set in the service interface, for example: service item 1, service item 2 … service item n …, and so on.
The specific type of the service item and the data resource corresponding to each service item depend on the deployment situation of the application platform, and the embodiment of the present application is not particularly limited. For example, taking an application platform as a traffic cloud control platform, the service items are, for example: map services, data development services, AI algorithm services, control services, vision services, and computing services, among others.
Taking a service item as an example of a computing service, the corresponding data resources are, for example: cloud computing resources, edge computing resources, and the like, which are used for providing corresponding computing services for users, and specific APIs are required for accessing the resources.
Correspondingly, in the embodiment of the application, at least one service item can be provided on the service interface, and accordingly, after a developer selects a required service item, the data resource corresponding to the service item can be determined, and further, the API for accessing the data resource is determined to be the second API.
Illustratively, service item 1 corresponds to API1, service item 2 corresponds to API 2, and service item 3 corresponds to API 3, and if the developer selects service item 1 and service item 3 on the service interface, the second API is: API1 and API 3.
Further, when the developer completes selection on the service interface, the client can send the identification information corresponding to each second API to the first server where the application platform is located according to the selection condition of the developer.
S203, according to the identification information of the second API, a second working space of the third-party application is created on the resource management platform.
And the second workspace is used for providing data resource services for the user through the third-party application. In this embodiment of the present application, an API storage space may be set for the second workspace, so that the second API is copied to the storage space corresponding to the second workspace, so as to complete configuration of the API.
It should be noted that, because the third-party application is resident in the application platform, only part or all of the APIs in the first API can be provided to the third-party application, the second API should be at least part of the interfaces in the first API, and correspondingly, if a certain API in the second list selected by the developer is not an interface in the first API, the API needs to be deleted.
In the embodiment of the application, because the second API is at least part of the interface in the first API, by configuring the second API to the storage space corresponding to the second working space, if a certain second API is authorized, a developer of the third-party application can access the data resource corresponding to the application platform through the authorized second API in the third-party application.
It should be noted that, for the resource management platform, different users may create a service account on the resource management platform, and the users may use a workspace on the resource management platform by logging in the service account. For example, for an application platform, an application service account corresponding to the application platform is created on a resource management platform, and for a third-party application, a developer of the third-party application may also create the third-party service account on the resource management platform.
Correspondingly, in the embodiment of the application, on one hand, the application platform can create a second workspace for the third-party application in the application service account of the resource management platform; on the other hand, the application platform may also create a third-party service account for the third-party application at the resource management platform, and then create the second workspace from the third-party service account. It should be understood that the example shown in fig. 3 illustrates, but is not limited to, creating the second workspace in the application service account.
In the embodiment of the application, the third-party application is embedded in the resource management platform, richer data services can be provided for a third-party application user, so that the user requirements are met, meanwhile, the application platform configures the second API for the third-party application, the resource access range of the third-party application can be limited, the abuse permission of the third-party application is prevented, the data security of the user is guaranteed, and compared with a mode of issuing a token through an OAuth protocol, the authorization mode does not need to transmit token data, and the security is higher.
In some optional embodiments, the first server may authorize the third party platform to use the rights of some or all of the APIs in the second API, so that the third party platform may access the corresponding resources through the authorized APIs.
Specifically, the authorization process specifically includes: and sending the identity credential of the target second API to the second server, wherein the target second API is at least part of the second API.
In practical applications, each API corresponds to an identity credential, and only if the identity credential is obtained, the API can access the corresponding resource. Therefore, in an optional implementation manner, after the configuration of the second API is completed, the identity credential corresponding to the target second API may be sent to the client of the developer, so that the developer can use the authorized target second API to access the corresponding data resource through the identity credential.
Referring to fig. 4, fig. 4 is a schematic flowchart illustrating a second resource management method according to an exemplary embodiment of the present application. As shown in fig. 4, the resource management method includes:
s401, the client sends a parking application to the first server.
It should be noted that the principle and implementation of step S401 are similar to those of step S201 in the embodiment shown in fig. 2, and are not described herein again.
402. The first server obtains a first manifest.
The first list comprises identification information corresponding to at least one first API. Compared with the embodiment shown in fig. 2, in the embodiment of the present application, when the resident application does not carry the identification information of the second API, the first server may obtain the first list corresponding to the application platform, so that the developer determines the required second API from the first APIs included in the first list.
In one aspect, a first server may obtain a first manifest in its corresponding database. The database may be a storage space located on the first server, or may be a local storage space corresponding to the application platform, which is not specifically limited in the embodiment of the present application.
In another aspect, the first server may also obtain the first manifest from the resource management platform. For example, please refer to fig. 3 continuously, as shown in fig. 3, a first workspace corresponding to the application platform is configured on the resource management platform, and a first API corresponding to the application platform is stored in a storage space of the first workspace, so that the application platform can access corresponding resources on the resource management platform through the first APIs.
Therefore, in the embodiment of the present application, when the first server receives the enrollment application, the first server may send a first list acquisition request to the resource management platform, so as to acquire the first list.
It should be noted that the first API in the first list may be an API corresponding to all data resources created by the application platform, or may be a part of the API, which is not limited in the embodiment of the present application.
Specifically, in some optional embodiments, the first API in the first list may be set according to a requirement. For example, if a resource accessed by some APIs cannot be authorized for use by the third-party application, the API corresponding to the resource may be prohibited from being sent to the second server. Still taking fig. 3 as an example, the first APIs corresponding to all data resources of the application platform include: the first API included in the acquired first list may be API1, API 3, and API 4, if the data resource corresponding to API 2 needs to prohibit the access of the third party application.
S403, the first server sends the first list to the client.
S404, the client side obtains a second list obtained according to the first list.
And the second list comprises identification information corresponding to at least one second API. Specifically, in the embodiment of the present application, the second API may be selected by the developer on the service interface. Specifically, after receiving the first manifest, the client may display the first manifest to the developer through the service interface, and the developer selects the required identification information of the second API from the first manifest, so as to obtain the second manifest including the identification information of the second API.
It should be noted that, for the type of the identification information of the API, the embodiment of the present application is not specifically limited. In some optional embodiments, the identification information may be service items corresponding to APIs, for example, service item 1 corresponds to API1, service item 2 corresponds to API 2, service item 3 corresponds to API 3, and service item 4 corresponds to API 4, if the developer selects service item 1 and service item 3 on the service interface, the second API is: API1 and API 3.
In the embodiment of the application, the API is displayed to the developer in a service item mode, so that the developer can visually check the available service items, and the required second API can be selected more accurately.
S405, the client sends the second list to the first server.
S406, the first server creates a second working space of the third-party application on the resource management platform according to the identification information of the second API.
It should be noted that step S406 in the embodiment of the present application is similar to step S203 in the embodiment shown in fig. 2, and specific reference may be made to the above embodiment, which is not repeated herein.
In the embodiment of the application, the first list is provided for the developer to select, so that the second API selected by the developer can be normally used, and compared with a mode that the developer directly sends the second list through the immigration application, the situation that some APIs in the sent second list are unavailable can be avoided, and the processing efficiency of the immigration resource management platform can be applied by a third party. In addition, the API is displayed to the developer in a service item mode, so that the developer can visually check the available service items, and the required second API can be selected more accurately.
In some optional embodiments, after the first server obtains the second manifest, the method further includes the following steps:
s4051, storing the identification information of the second API into a database corresponding to the application platform.
It should be noted that the database may be a storage space located on the first server, or may also be a local storage space corresponding to the application platform, and the embodiment of the present application is not specifically limited.
In the embodiment of the application, the identification information of the second API is stored in the database, so that the access authority of the third-party application can be recorded, a basis is provided in the subsequent resource management process, and the reliability of the system is further improved.
In some optional embodiments, the user may also create a user data resource (for example, by purchasing or the like) in the resource management platform based on the first server (application platform). Referring to fig. 5, fig. 5 is a third flowchart illustrating a resource management method according to an exemplary embodiment of the present application. As shown in fig. 5, the resource management method includes the following steps:
s501, the client responds to the resource creating operation initiated by the user and sends a resource creating instruction to the first server.
It should be noted that the user may be any person, for example, a developer of a third-party application, or other users who need to use data resources on the resource management platform.
In addition, as to the type of the resource creating operation, the embodiment of the present application is not particularly limited, and for example, for some application platforms, the application platforms provide a resource purchasing service, and a user may purchase a required resource on the application platform, so as to create a user data resource on the resource management platform through the application platform.
S502, the first server responds to the received resource creating instruction of the user, creates a third working space in the resource management platform, and creates user data resources corresponding to the user in the application data resources.
Wherein the third workspace is used for providing data resource services for the user based on the application platform.
It should be noted that, for the resource management platform, different users may create a service account on the resource management platform, and the user may use a working space on the resource management platform by logging in the service account.
For example, please refer to fig. 6, fig. 6 is a schematic diagram illustrating a principle of a resource management method according to an exemplary embodiment of the present application. As shown in fig. 6, for an application platform, an application service account corresponding to the application platform is created on a resource management platform. Similarly, for a user, the user may also create a user service account (not shown) on the resource management platform.
Therefore, in the embodiment of the application, on one hand, a user may create a user data resource in an application service account, and at this time, the user data resource is a data resource in application data resources of an application platform.
On the other hand, the user may also create a user data resource in the user service account, that is, the user data resource is a data resource other than the application data resource.
In the embodiment of the application, for a user, if the user does not create the user service account in the resource management platform, the user data resource cannot be directly created in the resource management platform, so that the user data resource can be created in the application data resource of the application platform; correspondingly, if the user creates the user service account in the resource management platform, the user data resource can be directly created in the resource management platform (a resource other than the application data resource), or the user data resource can be optionally created in the application data resource.
Fig. 6 illustrates the creation of a user data resource in an application service account, but the invention is not limited thereto.
And S503, configuring a third API for the third working space according to the first API.
In the embodiment of the application, at least one third API is created while the user data resources and the user workspace are created, so that a user can access the user data resources created by the user on the resource management platform through the third API.
It should be noted that the third API may be at least a part of the interface in the first API, and the third API may be determined according to the resource creation requirement of the user. Illustratively, the application platform can show the service items which can be provided by the resource management platform to the user, and the user can determine the resources required to be created by selecting the service items.
Illustratively, service item 1 corresponds to resource a, service item 2 corresponds to resource b, service item 3 corresponds to resource c, service item 4 corresponds to resource d, and if the user selects service item 1, service item 3 and service item 4 through the application platform, the user data resources that the user needs to create include: resource a, resource b, and resource d.
Further, determining the APIs for accessing the resource a, the resource b, and the resource d as third APIs, and configuring the third APIs to a third application space, thereby completing the configuration of the APIs. As shown in fig. 6, it is exemplified that the third API includes API1, API 2 and API 4, that is, API1, API 2 and API 4 in the first workspace are authorized to the third workspace.
Specifically, the first server may expose the identity credential corresponding to the third API to the user through a service interface of the application platform, thereby completing the authorization. Correspondingly, the user can access the corresponding user data resource based on the third API corresponding to the identity certificate through the identity certificate.
It should be noted that other resource visitors authorized by the user may also access the corresponding user data resource based on the third API through the identity credential.
In the embodiment of the application, the resource visitor can only visit the corresponding user data resource through the authorized third API without authorizing the self identity certificate of the user to the application platform, so that the safety is high, the user data resource can be prevented from being leaked, the phenomenon that the resource visitor abuses the data resource of the user is avoided, and the data safety of the user is guaranteed.
In some optional embodiments, the user of the resource management platform may further obtain a usage right of the third-party application, so as to provide the corresponding service through the third-party application. Referring to fig. 5, the process of acquiring the usage right of the third-party application by the user specifically includes the following steps:
s511, the client sends an authority acquisition request to the first server in response to receiving the authority acquisition operation initiated by the user.
It should be noted that the user may be any user who needs to use a third-party application, and the embodiment of the present application is not particularly limited. In a specific implementation, a user can enter a service interface of an application platform through a client, a first server can display an identifier of a third-party application corresponding to the application platform in the service interface, and the user can trigger the identifier of the third-party application to be used in the service interface according to a requirement, so that permission obtaining operation is initiated.
The third-party application corresponding to the application platform is an application hosted by the application platform to the resource management platform, and it should be understood that the solution for hosting the third-party application to the resource management platform is please refer to the above embodiment, which is not described herein again.
Correspondingly, after the user triggers the identifier of the third-party application which needs to be used, the client sends an authority obtaining request to the first server, wherein the authority obtaining request is used for obtaining the use authority of the third-party application for the user.
In some optional embodiments, a user may have multiple accounts on the application platform, and due to resource isolation between different accounts, the user may acquire the usage right of the third-party application for any one or more specified accounts. Correspondingly, after the user acquires the use permission of the third-party application for any one or more specified accounts, the account can be used to use the corresponding third-party application after logging in a certain account with the use permission of the third-party application.
Specifically, when a user initiates an authority acquisition operation in a service interface, the user can select an account number of a third-party application to be used while selecting the third-party application to be acquired. Illustratively, the account 1, the account 2 and the account 3 are included in an application platform by a user a, and a third party application corresponding to the application platform includes: application 1, application 2, and application 3 are examples, and a user may purchase any one or more of application 1, application 2, and application 3 for any one or more of account 1, account 2, and account 3.
For example, taking an authority purchasing operation initiated by a user as "purchasing application 3 for account 1" as an example, an account identifier corresponding to "account 1" and an application identifier corresponding to "application 3" may be carried in the authority acquiring request.
It should be noted that, as for the type of the account ID, the embodiment of the present application is not specifically limited, and for example, the type of the account ID may be an account ID, a nickname corresponding to the account, and the like. In addition, the user can purchase the use permission of a plurality of third-party applications for the same account number at the same time; alternatively, the usage rights of the same third-party application can be purchased for multiple accounts at the same time.
S512, the first server responds to the received permission obtaining request of the user and determines an account identification carried in the permission obtaining request.
S513, the first server obtains a third list corresponding to the account.
It should be noted that the third list includes identification information corresponding to at least one third API. Wherein, the third API is configured for the third working space of the user by the first server when the user creates the user data resource, and for a specific configuration manner of the third API, please refer to the above steps S501 to S503, which is not described herein again.
And S514, the first server acquires a target API corresponding to the fourth list in the third list according to the fourth list corresponding to the third-party application, and authorizes the target API to the second workspace.
It should be noted that, because different third-party applications are used to provide different services, resources required by the different third-party applications are also different, in this embodiment of the application, the fourth manifest includes at least one API required by the third-party application, and the third-party application can access the required resources through the APIs.
Illustratively, when the third-party application a provides service for the user, the required resources are resource 1, resource 2 and resource 3, and when the third-party application b provides service for the user, the required resources are resource 4, resource 5 and resource 6; the APIs required by the third party application a include: an API for accessing resource 1, resource 2, and resource 3; the APIs required by the third party application b include: an API for accessing resource 4, resource 5, and resource 6.
Referring to fig. 7, fig. 7 is a schematic diagram illustrating a principle diagram of a resource management method according to an exemplary embodiment of the present application. As shown in fig. 7, when the user creates a resource for the account, the created API configured in the third workspace includes: API1, API 2 and API 4.
And taking the API included in the fourth list corresponding to the third-party application as: API1, API 2, and API 3 are taken as examples, and the target API corresponding to the fourth list in the third list corresponding to the user is: API1 and API 2.
Further, API1, API 2 are granted to the second workspace. Specifically, the identity credentials corresponding to API1 and API 2 may be exposed to the user through the application platform.
In some alternative embodiments, the user may enter the service interface of the third-party application through the client to use the service of the third-party application.
In the embodiment of the application, the application platform provides the authority acquisition function of the third-party application for the user, so that the user can use the third-party application to realize richer functions and meet diversified service requirements of the user; meanwhile, the application range of the data resources is strictly controlled through API authorization, and the abuse of the permission of the third-party application can be prevented, so that the data security of the user is guaranteed.
As an optional implementation manner, the target API may be further determined based on a third API corresponding to the user account and a second API configured when the third-party application is hosted in the application platform. Specifically, the step S514 may be replaced by the following steps:
and the first server acquires a target API corresponding to the second API in the third list according to the second API corresponding to the third-party application.
Illustratively, the second API corresponding to the third-party application includes API1 and API 3, and the third API of the third manifest includes: API1, API 2 and API 4 are taken as examples, that is, when a third party application is hosted in the application platform, the configured second APIs include API1 and API 3, and in the authorization process, these second APIs may be only authorized to the third party application, and since the user only has the usage right of API1, the user can only authorize API1 to the third party application. That is, the target API in this scheme is API 1.
In some optional embodiments, the developer may also access the user's corresponding user data resource in the resource management platform through an authorized target API.
In addition, if the application platform authorizes the use permission of part of the second API for the third-party application, the developer can also access the application data resource of the application platform in the resource management platform through the authorized second API; illustratively, taking the third-party application accessing the user data resource as an example, the method specifically includes the following steps:
s521, the client sends a resource access request to the second server.
It should be noted that the client in this step may be a client corresponding to a developer of the third-party application.
For example, after a certain user authorizes a target API corresponding to the own account to a third-party application, the developer may obtain user data resources of the user under the account on the resource management platform through the third-party application.
In the embodiment of the application, the resource access request carries identification information of the target resource accessed by the developer.
It should be noted that, for the type of the identification information, the embodiment of the present application is not specifically limited, and in an alternative implementation, at least one service item is set in the third-party application, for example, item 1, item 2, and the like, and different service items are used for providing different types of application services.
In addition, different service items correspond to different data resources, taking an item corresponding to a computing service as an example, the corresponding resource is, for example: cloud computing resources, edge computing resources and the like, which are used for providing corresponding computing services for developers. As for the resource corresponding to each service item, the resource depends on the deployment situation of the third-party application, and the embodiment of the present application is not particularly limited.
Correspondingly, in the embodiment of the application, the developer can determine that the resource corresponding to the project is the target resource by selecting the corresponding service project on the interface of the client, and correspondingly, after the developer selects the service project, the identification information of the target resource corresponding to the service project is sent to the second server where the third-party application is located.
S522, the second server determines the target resource corresponding to the identification information in the user data resource of the resource management platform.
S523, the second server obtains a target resource in the user data resource from the resource management platform based on the target API.
In some optional embodiments, after the third-party application is hosted in the resource management platform through the application platform and authorizes the use permission of part of the second API for the third-party application, the developer may obtain the application data resource corresponding to the application platform on the resource management platform through the third-party application.
For a specific manner of configuring the second API for the third-party application, please refer to the embodiments shown in fig. 2 to fig. 4, which is not described herein again. Illustratively, continuing with reference to fig. 7, taking as an example that the authorized second APIs include "API 1 and API 3" and the target API includes "API 1 and API 2", when the target resource is a resource in the application data resource, the target resource is accessed through "API 1 and API 3", and when the target resource is a resource in the user data resource, the target resource is accessed through "API 1 and API 2".
It should be appreciated that different resources are used to provide different services, each resource having a corresponding API, each API requiring an identity credential to be able to access the corresponding resource. Exemplarily, taking an API corresponding to the resource a as API1, an API 2 corresponding to the resource b, and an API 3 corresponding to the resource c as an example, if the target resource is the resource c, the target resource is a resource in the application data resource, and at this time, the target resource is accessed through the API 3; similarly, if the target resource is resource b, the target resource is a resource in the user data resource, and the target resource needs to be accessed through API 2.
And S524, the second server sends the target resource to the client.
In the embodiment of the application, the data resource service is opened for the application platform on the resource management platform, the application working space is established, and the resource visitor can only access the user data resources in the application working space through the first API without authorizing the identity certificate of the tenant to the application platform, so that the safety is high, the user data resources can be prevented from being leaked, the phenomenon that the resource visitor abuses the data resources of the tenant is avoided, and the data safety of the tenant is guaranteed.
Referring to fig. 8, fig. 8 is a schematic structural diagram of a resource management device according to an exemplary embodiment of the present application. It should be understood that the resource management apparatus 800 is applied to a first server, where an application platform based on a resource management platform is deployed in the first server, the resource management platform includes a first workspace corresponding to the application platform, the first workspace corresponds to at least one first API, and the application platform is configured to access application data resources in the resource management platform based on the first API;
as shown in fig. 8, the resource management apparatus 800 includes: the first processing module 801 is configured to, in response to receiving a parking application sent by a client, obtain identification information of a second API according to the parking application, where the second API is at least part of APIs in the first API, and the parking application is used to apply for parking a third-party application on an application platform;
the second processing module 802 is configured to create a second working space of the third-party application on the resource management platform according to the identification information of the second API, and configure the second API for the second working space, so as to implement the hosting of the third-party application.
In some embodiments, the resource management apparatus 800 further comprises: a sending module 803; the first processing module 801 is specifically configured to: in response to receiving a parking application sent by a second server where a third-party application of an application platform is located, acquiring a first list, wherein the first list comprises identification information corresponding to at least one first API; the sending module 803 is specifically configured to: sending a first list to a client; the first processing module 801 is further configured to: and acquiring a second list sent by the client, wherein the second list is determined according to the first list, and the second list comprises identification information corresponding to at least one second API.
In some embodiments, the first processing module 801 is further configured to: and storing the identification information of the second API into a database corresponding to the application platform.
In some embodiments, the second processing module 802 is further configured to: in response to receiving a resource creating instruction of a user, creating a third working space in the resource management platform, and creating a user data resource corresponding to the user in the application data resource; and configuring a third API for the third working space according to the first API, wherein the third API is used for accessing user data resources in the resource management platform.
In some embodiments, the resource management platform includes an account of at least one user, and the first processing module 801 is further configured to: in response to receiving a permission acquisition request of a user, determining an account identifier carried in the permission acquisition request, wherein the permission acquisition request is used for acquiring the use permission of the third-party application for an account corresponding to the account identifier; acquiring a third list corresponding to the account, wherein the third list comprises identification information corresponding to at least one third API; according to a fourth list corresponding to the third-party application, acquiring a target API corresponding to the fourth list in the third list, or according to the second API, acquiring a target API corresponding to the second API in the third list, wherein the fourth list comprises identification information of at least one API; and authorizing the target API to the second working space, wherein the second server is used for accessing the user data resources corresponding to the account through the target API.
In some embodiments, the first processing module 801 is specifically configured to: and sending the identity certificate of the target API to a second server through the sending module 803, where the second server is configured to access the user data resource corresponding to the account through the identity certificate of the target API.
It should be noted that the resource management apparatus 800 provided in this embodiment of the application is configured to perform the steps of the resource management method performed by the first server in the corresponding method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
Referring to fig. 9, fig. 9 is a schematic structural diagram of a resource management device according to an exemplary embodiment of the present application. It should be understood that the resource management apparatus 900 is applied to a second server, where a third-party application of an application platform is deployed in the second server, the third-party application resides in an application platform based on a resource management platform, a second workspace corresponding to the third-party application is included in the resource management platform, the second workspace corresponds to at least one target API, the application platform is configured to access a data resource in the resource management platform based on the target API, and the data resource includes a user data resource;
as shown in fig. 9, the resource management apparatus 900 includes: a receiving module 901, configured to receive a resource access request sent by a client, where the resource access request carries identification information of an accessed target resource; a determining module 902, configured to determine a target resource corresponding to the identification information in the user data resource of the resource management platform; an obtaining module 903, configured to obtain, based on an identity credential corresponding to a target API, a target resource in user data resources from a resource management platform, where the identity credential corresponding to the target API is authorized by a user corresponding to the user data resource to a third-party application; a sending module 904, configured to send the target resource to the client.
It should be noted that the resource management apparatus 900 provided in this embodiment of the present application is configured to perform the steps of the resource management method performed by the second server in the corresponding method embodiment, and the implementation principle and the technical effect are similar, and are not described herein again.
Fig. 10 is a schematic structural diagram of a server according to an exemplary embodiment of the present application. As shown in fig. 10, the server 1000 includes: a memory 1003 and a processor 1004.
It should be understood that the server 1000 according to the embodiment of the present application may be the first server and/or the second server, and the embodiment of the present application is not particularly limited.
The memory 1003 is used for storing computer programs and may be configured to store other various data to support operations on the server. The store 1003 may be an Object Storage Service (OSS).
The memory 1003 may be implemented by any type or combination of volatile or non-volatile memory devices, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
A processor 1004 coupled to the memory 1003 for executing the computer program in the memory 1003 for executing the method part executed by the server in the above method embodiment.
Further, as shown in fig. 10, the edge computing device 1000 further includes: firewall 1001, load balancer 1002, communications component 1005, power component 1006, and other components. Only some of the components are schematically shown in fig. 10, and it is not meant that the server includes only the components shown in fig. 10.
Accordingly, the present application also provides a computer readable storage medium storing a computer program, which when executed by a processor causes the processor to implement the steps in the above method embodiments.
Accordingly, the present application also provides a computer program product, which includes a computer program/instruction, when executed by a processor, causes the processor to implement the steps in the above method embodiments.
The communications component 1005 of fig. 10 described above is configured to facilitate communications between the device in which the communications component resides and other devices in a wired or wireless manner. The device where the communication component is located can access a wireless network based on a communication standard, such as a WiFi, a 2G, 3G, 4G/LTE, 5G and other mobile communication networks, or a combination thereof. In an exemplary embodiment, the communication component receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
The power supply assembly 1006 of fig. 10 provides power to the various components of the device in which the power supply assembly is located. The power components may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the device in which the power component is located.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Disks (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.
It should be noted that in some of the flows described in the above embodiments and the drawings, a plurality of operations are included in a specific order, but it should be clearly understood that the operations may be executed out of the order presented herein or in parallel, and the sequence numbers of the operations, such as 201, 202, etc., are merely used for distinguishing different operations, and the sequence numbers do not represent any execution order per se. Additionally, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel. It should be noted that, the descriptions of "first", "second", etc. in this document are used for distinguishing different messages, devices, modules, etc., and do not represent a sequential order, nor limit the types of "first" and "second" to be different.

Claims (10)

1. A resource management method is applied to a first server, wherein an application platform based on a resource management platform is deployed in the first server, the resource management platform comprises a first working space corresponding to the application platform, the first working space corresponds to at least one first Application Programming Interface (API), and the application platform is used for accessing application data resources in the resource management platform based on the first API;
the resource management method comprises the following steps: responding to a received parking application sent by a client, and acquiring identification information of a second API according to the parking application, wherein the second API is at least part of the first API, and the parking application is used for applying for parking a third party application on the application platform;
and creating a second working space of the third-party application on the resource management platform according to the identification information of the second API, and configuring the second API for the second working space so as to realize the immigration of the third-party application.
2. The resource management method according to claim 1, wherein the obtaining, in response to receiving a parking application sent by a second server where a third-party application of the application platform is located, identification information of a second API according to the parking application includes:
responding to a received parking application sent by a second server where a third-party application of the application platform is located, and acquiring a first list, wherein the first list comprises identification information corresponding to at least one first API;
sending the first manifest to the client;
and acquiring a second list sent by the client, wherein the second list is determined according to the first list, and the second list comprises identification information corresponding to at least one second API.
3. The resource management method according to claim 1, wherein after obtaining the identification information of the second API according to the parking application, the resource management method further comprises: and storing the identification information of the second API into a database corresponding to the application platform.
4. The resource management method according to any one of claims 1 to 3, further comprising:
in response to receiving a resource creating instruction of a user, creating a third workspace in the resource management platform, and creating a user data resource corresponding to the user in the application data resource;
and configuring a third API for the third working space according to the first API, wherein the third API is used for accessing the user data resources in the resource management platform.
5. The resource management method according to claim 4, wherein the resource management platform includes at least one account of the user, and the resource management method further comprises:
in response to receiving an authority acquisition request of the user, determining an account identifier carried in the authority acquisition request, wherein the authority acquisition request is used for acquiring the use authority of the third-party application for an account corresponding to the account identifier;
acquiring a third list corresponding to the account, wherein the third list comprises identification information corresponding to at least one third API;
according to a fourth list corresponding to the third-party application, acquiring a target API corresponding to the fourth list in the third list, or according to the second API, acquiring a target API corresponding to the second API in the third list, wherein the fourth list comprises identification information of at least one API;
and authorizing the target API to the second workspace, wherein the second server is used for accessing the user data resources corresponding to the account through the target API.
6. The method of claim 5, wherein the authorizing the target API to the second workspace comprises:
and sending the identity certificate of the target API to the second server, wherein the second server is used for accessing the user data resource corresponding to the account through the identity certificate of the target API.
7. A resource management method is applied to a second server, a third party application of an application platform is deployed in the second server, the third party application is resident in the application platform based on a resource management platform, the resource management platform comprises a second working space corresponding to the third party application, the second working space corresponds to at least one target API, the application platform is used for accessing data resources in the resource management platform based on the target API, and the data resources comprise user data resources;
the resource management method comprises the following steps: receiving a resource access request sent by a client, wherein the resource access request carries identification information of an accessed target resource;
determining a target resource corresponding to the identification information in the user data resource of the resource management platform;
acquiring the target resource in the user data resource from the resource management platform based on the identity credential corresponding to the target API, wherein the identity credential corresponding to the target API is authorized to the third-party application by the user corresponding to the user data resource;
and sending the target resource to the client.
8. The resource management device is applied to a first server, wherein an application platform based on a resource management platform is deployed in the first server, the resource management platform comprises a first workspace corresponding to the application platform, the first workspace corresponds to at least one first API, and the application platform is used for accessing application data resources in the resource management platform based on the first API;
the resource management apparatus includes: the first processing module is used for responding to a received resident application sent by a client and acquiring identification information of a second API according to the resident application, wherein the second API is at least part of APIs in the first API, and the resident application is used for applying for the resident application of a third party on the application platform;
and the second processing module is used for creating a second working space of the third-party application on the resource management platform according to the identification information of the second API, and configuring the second API for the second working space so as to realize the immigration of the third-party application.
9. A resource management device is applied to a second server, a third-party application of an application platform is deployed in the second server, the third-party application is resident in an application platform based on a resource management platform, the resource management platform comprises a second working space corresponding to the third-party application, the second working space corresponds to at least one target API, the application platform is used for accessing data resources in the resource management platform based on the target API, and the data resources comprise user data resources;
the resource management apparatus includes: the system comprises a receiving module, a processing module and a processing module, wherein the receiving module is used for receiving a resource access request sent by a client, and the resource access request carries identification information of an accessed target resource;
a determining module, configured to determine, in the user data resource of the resource management platform, a target resource corresponding to the identification information;
an obtaining module, configured to obtain, from the resource management platform, the target resource in the user data resource based on an identity credential corresponding to the target API, where the identity credential corresponding to the target API is authorized by a user corresponding to the user data resource to the third-party application;
and the sending module is used for sending the target resource to the client.
10. A server, comprising: at least one processor; and a memory communicatively coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor to enable the server to perform the method of resource management of any of claims 1 to 7.
CN202210283909.7A 2022-03-21 2022-03-21 Resource management method, device and server Active CN114666125B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210283909.7A CN114666125B (en) 2022-03-21 2022-03-21 Resource management method, device and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210283909.7A CN114666125B (en) 2022-03-21 2022-03-21 Resource management method, device and server

Publications (2)

Publication Number Publication Date
CN114666125A true CN114666125A (en) 2022-06-24
CN114666125B CN114666125B (en) 2024-03-22

Family

ID=82031245

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210283909.7A Active CN114666125B (en) 2022-03-21 2022-03-21 Resource management method, device and server

Country Status (1)

Country Link
CN (1) CN114666125B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024041338A1 (en) * 2022-08-23 2024-02-29 华为技术有限公司 Data access method and electronic device

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103220261A (en) * 2012-01-21 2013-07-24 华为技术有限公司 Proxy method, device and system of open authentication application program interface
CN103957255A (en) * 2014-04-30 2014-07-30 华南理工大学 Lightweight application development cloud service platform and method for having access to resources thereof
CN106372532A (en) * 2016-09-05 2017-02-01 用友优普信息技术有限公司 Open application program interface service platform as well as calling control method and device
CN106462408A (en) * 2014-05-20 2017-02-22 亚马逊科技公司 Low latency connections to workspaces in a cloud computing environment
CN106982187A (en) * 2016-01-15 2017-07-25 中兴通讯股份有限公司 resource authorization method and device
WO2017196774A1 (en) * 2016-05-11 2017-11-16 Oracle International Corporation Multi-tenant identity and data security management cloud service
CA3034665A1 (en) * 2019-02-22 2020-08-22 The Toronto-Dominion Bank Methods and systems for controlling access to a protected resource
CN112637214A (en) * 2020-12-24 2021-04-09 北京金山云网络技术有限公司 Resource access method and device and electronic equipment
US20210342196A1 (en) * 2020-04-30 2021-11-04 Microsoft Technology Licensing, Llc Multiple customer environment management in a cloud services platform
CN113924551A (en) * 2019-05-07 2022-01-11 思杰系统有限公司 Method and system for accessing remotely stored files using virtual applications

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103220261A (en) * 2012-01-21 2013-07-24 华为技术有限公司 Proxy method, device and system of open authentication application program interface
CN103957255A (en) * 2014-04-30 2014-07-30 华南理工大学 Lightweight application development cloud service platform and method for having access to resources thereof
CN106462408A (en) * 2014-05-20 2017-02-22 亚马逊科技公司 Low latency connections to workspaces in a cloud computing environment
CN106982187A (en) * 2016-01-15 2017-07-25 中兴通讯股份有限公司 resource authorization method and device
WO2017196774A1 (en) * 2016-05-11 2017-11-16 Oracle International Corporation Multi-tenant identity and data security management cloud service
CN106372532A (en) * 2016-09-05 2017-02-01 用友优普信息技术有限公司 Open application program interface service platform as well as calling control method and device
CA3034665A1 (en) * 2019-02-22 2020-08-22 The Toronto-Dominion Bank Methods and systems for controlling access to a protected resource
CN113924551A (en) * 2019-05-07 2022-01-11 思杰系统有限公司 Method and system for accessing remotely stored files using virtual applications
US20210342196A1 (en) * 2020-04-30 2021-11-04 Microsoft Technology Licensing, Llc Multiple customer environment management in a cloud services platform
CN112637214A (en) * 2020-12-24 2021-04-09 北京金山云网络技术有限公司 Resource access method and device and electronic equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
刘大红;刘明;: "第三方应用与开放平台OAuth认证互连技术研究", 电脑知识与技术, no. 22 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024041338A1 (en) * 2022-08-23 2024-02-29 华为技术有限公司 Data access method and electronic device

Also Published As

Publication number Publication date
CN114666125B (en) 2024-03-22

Similar Documents

Publication Publication Date Title
CN109710236B (en) Service development and implementation method, device, platform and medium based on shared service
EP3497951B1 (en) Secure private location based services
CN113239344B (en) Access right control method and device
US10044501B1 (en) Selective content security using visual hashing
CN105450581B (en) The method and apparatus of permission control
US20140173125A1 (en) Systems and methods for transferring a session between devices in an on-demand computing environment
CN105378768A (en) Proximity and context aware mobile workspaces in enterprise systems
CN104823189A (en) Orchestration framework for connected devices
CN104838630A (en) Policy-based application management
US11461752B2 (en) Wifi sharing system with mesh network functionality
US20170214673A1 (en) Secure assertion attribute for a federated log in
US20200293514A1 (en) Managing access by third parties to data in a network
CN105610681A (en) Information processing method based on instant communication and apparatus thereof
US20180005468A1 (en) Multi-user hotel tracking and check-in
CN111885211A (en) Application publishing method and device
US20210058787A1 (en) Wifi sharing system
CN113568970A (en) Application service data management method, device, equipment and storage medium
CN114666125B (en) Resource management method, device and server
CN103415847A (en) A system and method for accessing a service
CN108696864B (en) Virtual number request and transmission method, device and storage medium
CN110178153A (en) Reduced user authentication input requirements
CN112286632A (en) Cloud platform, cloud platform management method and device, electronic equipment and storage medium
CN114666126B (en) Resource management method, device, server and system
US20190311140A1 (en) Automatically Discovering Attribute Permissions
CN115098840A (en) Identity authentication method, device, equipment, medium and product

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant